Ceritificate based IPSEC VPN in freeBSD

Here I considering ESP IPSEC with authentication based on certificate between two peer.

1. use the following command to generate private key and certificate request

openssl req -new -nodes -out req.pem -keyout cert.pem

here cert.pem is the private key and req.pem is the certificate request

2. Get this certificate signed by some certificate authority (CA) using the following commands

openssl x509 -req -days 365 -in certs/req.pem -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial -outform PEM -out certs/mycert.pem

3. Now put both the certificate as well as CA public certificate in the directory specified in racoon.conf file give the following commands

ln -s CA.crt `openssl x509 -noout -hash -in CA.crt`.0

4. Start racoon


ref :http://www.fefe.de/racoon.txt

How to install a package in freeBSD

1. Usually freeBSD provides a ports for many packages. So just search for a port using the following commands
whereis package name
this may give out like this /usr/ports/.....
now just change the directory to the above directory and give commands
make install clean
for removing make deinstall clean
if you having package tar file in /usr/ports/distfiles/ then fine you are done otherwise freeBSD will try to connect to internet. If you are not connected to internet just download the package (note the version number required) manually and put it in /usr/ports/distfiles

2. If no port is available for the desired package. Then use the following commands

pfg_add package name
for removing pkg_delete package name

good luck